PROGRAM ANALYSIS & SYNTHESIS
|
|
- Elvin Powell
- 5 years ago
- Views:
Transcription
1 Lecture Partial Programs, Program Repair, and Sketching PROGRAM ANALYSIS & SYNTHESIS EranYahav
2 Previously Synthesis from examples SMARTEdit String processing in spreadsheet from examples (a little bit)
3 Today Program Repair as a Game angelic non-determinism in the program Sketching completion of partial programs using a backing SAT solver Acks Program Repair slides from Barbara Jobstmann Sketching slides cannibalized from Armando Solar-Lezama 3
4 Reactive Systems Synthesis Systems (e.g., servers) Interact with environment Infinite duration (non-terminating) Finite data (or data abstractions) Control-oriented Verification Specifications Set of good behaviors (a language) Temporal logic (including safety and liveness) data Analysis [Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Systems., 99] [N. Halbwachs. Synchronous Programming of Reactive Systems. 993] time 4
5 How to verify a Reactive System? Core algorithm for linear-time temporal logic:. Source code auto/manual transition system (FSM). Specification auto/manual monitor violations 3. Check if model has a violating trace product of trans. system and monitor check for exists of a trace in product (emptiness) L(Program) L(Specification) L(Program) L( Specification) = L(Program Specification) = 5
6 Source Code unsigned int got_lock = 0;... : while(*) {... : if (*) { 3: lock(); 4: got_lock++;... 5: if (got_lock!= 0) { 6: unlock(); 7: got_lock--;... lock() lock: {LOCK:=; unlock() unlock: {LOCK:=0; 6
7 Step : Transition System int[0,,] got_lock = 0;... : while(*) {... : if (*) { 3: lock(); lock: {LOCK:=; 4: got_lock++;... 5: if (got_lock!= 0) { 6: unlock(); unlock: {LOCK:=0; 7: got_lock--;... 8: Trans. system variables: line (l), got_lock (gl) l=, gl=0 l=, gl= l=, gl= l=, gl=0 l=3, gl=0 l=lock,gl=0... l=, gl= l=3, gl= l=lock,gl= l=4, gl=0 l=4, gl= l=5, gl=0 l=5, gl= l=5, gl= l=6, gl= l=6, gl= l=unlock,gl= l=unlock,gl= l=7, gl=0 l=7, gl= l=7, gl= l=8, gl=
8 Specification P: do not acquire a lock twice P: do not call unlock without holding the lock P: always( line=lock implies next(line!=lock w-until line=unlock)) P: ( line!=unlock w-until line=lock )) and always( line=unlock implies next( line!=unlock w-until line=lock )) 8
9 Linear-Time Temporal Logic [Pnueli77] Syntax: Atomic propositions, e.g., line=, line!=, got_lock=0 Boolean operators: not, and, or, implies,... Temporal operators: next (ϕ) ϕ until ϕ... ϕ holds in the next step... ϕ holds until at some point ϕ holds Used in industrial spec languages PSL/SVA Can express many interesting properties, e.g., mutual exclusion, deadlock freedom, termination 9
10 Linear-Time Temporal Logic Semantics defined with respect to infinite traces in each step atomic propositions holds or not E.g., line=, got_lock line= line= got_lock... 0
11 Linear-Time Temporal Logic Semantics next (ϕ)... ϕ holds in the next step ϕ... ϕ until ϕ... ϕ holds until at some point ϕ holds ϕ ϕ ϕ ϕ ϕ System S satisfies/models ϕ, if all its behaviors satisfy ϕ
12 How to verify a Reactive System? Core algorithm for linear-time temporal logic:. Source code auto/manual transition system (FSM). Specification auto/manual monitor violations 3. Check if model has a violating trace product of trans. system and monitor check for exists of a trace in product (emptiness)
13 Step : Monitor for Violations P: always( line=lock implies next( line!=lock w-until line=unlock )) = not eventually( line=lock and next( line!=unlock until line=lock )) line!=unlock line=lock line=lock 3 s: non-deterministic choice s: no edge with line=unlock Automaton accepts trace/behavior if a green state is visited infinitely often (Büchi ) Why do we track bad and not good behaviors? L(S) L(ϕ): forall w: w L(S) w L(ϕ) exists w: w L(S) w L( ϕ) 3
14 Step 3: Product l=, gl=0 l=, gl= l=, gl= l=, gl=0... l=, gl= l=3, gl=0 l=3, gl= l=lock,gl=0 l=lock,gl= l=4, gl=0 l=4, gl= l=5, gl=0 l=5, gl= l=5, gl= l=6, gl= l=6, gl= l=unlock,gl= l=unlock,gl= l=7, gl=0 l=7, gl= l=7, gl= line!=unlock l=8, gl= line=loc k line=lock 3 4
15 Step 3: Product l=, gl=0 l=, gl= l=, gl= l=, gl=0... l=, gl= l=3, gl=0 l=3, gl= l=lock,gl=0 l=4, l=4, gl=0 gl=0 l=lock,gl= l=4, gl= l=5, gl=0 l=5, gl= l=5, gl= l=5, gl= l=6, gl= unlock, l=6, gl= unlock, l=6, gl= l=unlock,gl= l=7, gl=0 l=7, gl= l=7, gl= line!=unlock l=8, gl= line=loc k line=lock 3 5
16 Step 3: Product l=, gl=0 l=, gl= l=, gl= l=, gl= l=, gl=0... l=, gl= l=, gl= l=3, gl=0 l=3, gl= l=3, gl= l=lock,gl=0 l=lock,gl= l=lock,gl= l=4, l=4, gl=0 gl=0 l=4, gl= l=4, gl= l=4, gl= 3 l=5, gl=0 l=5, gl=0 l=5, gl= l=5, gl= l=5, gl= l=6, gl= unlock, l=6, gl= unlock, l=6, gl= l=unlock,gl= l=7, gl=0 l=7, gl=0 l=7, gl= l=7, gl= line!=unlock l=8, gl= line=loc k line=lock 3 Recall, we want to show a violation: 6
17 Step 3: Product l=, gl=0 l=, gl= l=, gl= l=, gl= l=, gl=0... l=, gl= l=, gl= l=3, gl=0 l=3, gl= l=3, gl= l=lock,gl=0 l=lock,gl= l=lock,gl= l=4, l=4, gl=0 gl=0 l=4, gl= l=4, gl= l=4, gl= 3 l=5, gl=0 l=5, gl=0 l=5, gl= l=5, gl= l=5, gl= l=6, gl= unlock, l=6, gl= unlock, l=6, gl= l=unlock,gl= l=7, gl=0 l=7, gl=0 l=7, gl= l=7, gl= line!=unlock l=8, gl= line=loc k line=lock Recall, we want to show a violation: non-determinism in transition system and in monitor pull in the same direction (both can be used to violate property) 3 7
18 Source Code int[0,,] got_lock = 0;... : while(*) {... : if (*) { 3: lock(); lock: {LOCK:=; 4: got_lock++;... 5: if (got_lock!= 0) { 6: unlock(); unlock: {LOCK:=0; 7: got_lock--;... 8: line = line = line = 5 line = 7 line = line = line = 3 line = lock line = 4 line = 5 line = 7 line = line = line = 3 line = lock 8
19 How to verify a Reactive System? Core algorithm for linear-time temporal logic:. Source code auto/manual transition system (FSM). Specification auto/manual monitor violations 3. Check if model has a violating trace product of trans. system and monitor check for exists of a trace in product (emptiness) But how to repair it? 9
20 How to repair a Reactive System?. Add freedom (choice for the system, allowed ways to modify system). Source code a/m transition system (game) 3. Specification a/m monitor acceptance 4. Check if we can find system choices s.t. model is accepted by monitor product of trans. system and monitor search for winning strategy in game 0
21 Step : Freedom int[0,,] got_lock = 0; int[0,,] freedom;... : while(*) {... : if (*) { 3: lock(); lock: {LOCK:=; 4: got_lock:=freedom;... 5: if (got_lock!= 0) { 6: unlock(); unlock: {LOCK:=0; 7: got_lock:=freedom;... 8: (We can also extend to fault localization)
22 Step : Game int[0,,] got_lock = 0; int[0,,] freedom;... : while(*) {... : if (*) { 3: lock(); lock: {LOCK:=; 4: got_lock:=freedom;... 5: if (got_lock!= 0) { 6: unlock(); unlock: {LOCK:=0; 7: got_lock:=freedom;... 8: Trans. system variables: line (l), got_lock (gl) l=, gl=0 l=, gl=0 l=3, gl=0 l=lock,gl=0 l=4, gl=0 l=5, gl=0 f=0 f= l=7, gl=0 l=8, gl=0 f= l=, gl=... l=5, gl= l=6, gl= l=unlock,gl= l=7, gl= l=, gl= l=, gl= l=3, gl= l=lock,gl= l=4, gl= f=0 f= f= f= f=0 l=5, gl= l=6, gl= l=unlock,gl= l=7, gl=......
23 Step : Game int[0,,] got_lock = 0; int[0,,] freedom;... : while(*) {... : if (*) { 3: lock(); lock: {LOCK:=; 4: got_lock:=freedom;... 5: if (got_lock!= 0) { 6: unlock(); unlock: {LOCK:=0; 7: got_lock:=freedom;... 8: Trans. system variables: line (l), got_lock (gl) l=, gl=0 l=, gl=0 l=3, gl=0 l=lock,gl=0 l=4, gl=0 l=5, gl=0 f=0 f= l=7, gl=0 l=8, gl=0 f= l=, gl=... l=5, gl= l=6, gl= l=unlock,gl= l=7, gl= l=, gl= l=, gl= l=3, gl= l=lock,gl= l=4, gl= f=0 f= f= f= l=5, gl= l=6, gl= l=unlock,gl= l=7, gl= Two types of non-determinism! 3 f=0
24 Step : Game int[0,,] got_lock = 0; int[0,,] freedom;... : while(*) {... : if (*) { 3: lock(); lock: {LOCK:=; 4: got_lock:=freedom;... 5: if (got_lock!= 0) { 6: unlock(); unlock: {LOCK:=0; 7: got_lock:=freedom;... 8: Trans. system variables: line (l), got_lock (gl) l=, gl=0 l=, gl=0 l=3, gl=0 l=lock, gl=0 l=4, gl=0 l=5, gl=0 f=0 f= l=7, gl=0 l=8, gl=0 f= l=, gl=... l=5, gl= l=6, gl= l=unlock, gl= l=7, gl= l=, gl= l=, gl= l=3, gl= l=lock, gl= l=4, gl= f=0 f= f= f= l=5, gl= l=6, gl= l=unlock, gl= l=7, gl= Two types of non-determinism! 4 f=0
25 Step 3: Monitor for Acceptance P: always( line=lock implies next( line!=lock w-until line=unlock )) line!=lock line=lock line!=lock & line!=unlock line=unlock line=lock Since game has two types of non-determinism, we need to be careful with non-determinism in monitor. 5
26 Problem with Nondeterminism Coffee machine is correct if there is no water or if button is pressed machine serves coffee: eventually always(not water) or always(pressed implies eventually coffee) and always(not water implies not coffee) w=0 w= or c=0 p= and (w= or c=0) c=0 or w= O K p=0 and w= or c=0 O K c= and w= (Coffee machine wins if it visits a green state infinitely often) 6
27 Step 3: Det. Monitor for Acceptance P: always( line=lock implies next( line!=lock w-until line=unlock )) line!=lock line=lock line!=lock & line!=unlock 3 line=unlock line=lock Classical approach: make it deterministic (more powerful acceptance required) 7
28 Step 3: Product TS for got_lock in {0, Deterministic automaton l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l!=lock l=lock l!=lock & l!=unlock l=4, gl=0 l=5, gl=0 l=4, gl=0 0 0 l=5, gl= l=6, gl= l=unlock, gl= 0 0 l=unlock l=lock 3 l=7, gl=0 l=7, gl= l=8, gl=0... 8
29 Step 3: Produce l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=4, gl=0 0 0 l=5, gl=0 l=5, gl= l=6, gl= l=unlock, gl= 0 0 l=4, gl= l=4, gl=0 l=4, gl= l=4, gl= l=5, gl=0 l=5, gl= l=6, gl= l=unlock, gl= 3 l=7, gl=0 l=7, gl= l=7, gl=0 l=7, gl= l=8, gl=0 l=8, gl= l=8, gl=0 l=8, gl= l!=lock l=lock l=unlock l!=lock & l!=unlock l=lock 3 9
30 Step 4: Winning States l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=4, gl=0 l=5, gl=0 l=4, gl= l=4, gl=0 l=4, gl= l=4, gl= l=5, gl= l=6, gl= l=unlock, gl= l=5, gl=0 l=5, gl= l=6, gl= l=unlock, gl= 3 l=7, gl=0 l=7, gl= l=7, gl=0 l=7, gl= l=8, gl=0 l=8, gl= l=8, gl=0 l=8, gl= l!=lock l=lock l=unlock l!=lock & l!=unlock l=lock 3 30
31 Step 4: Winning States l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=4, gl=0 l=5, gl=0 l=4, gl= l=4, gl=0 l=4, gl= l=4, gl= l=5, gl= l=6, gl= l=unlock, gl= l=5, gl=0 l=5, gl= l=6, gl= l=unlock, gl= 3 l=7, gl=0 l=7, gl= l=7, gl=0 l=7, gl= l=8, gl=0 l=8, gl= l=8, gl=0 l=8, gl= l!=lock l=lock l=unlock l!=lock & l!=unlock l=lock 3 3
32 Step 4: Winning States l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=4, gl=0 l=5, gl=0 l=4, gl= l=4, gl=0 l=4, gl= l=4, gl= l=5, gl= l=6, gl= l=unlock, gl= l=5, gl=0 l=5, gl= l=6, gl= l=unlock, gl= 3 l=7, gl=0 l=7, gl= l=7, gl=0 l=7, gl= l=8, gl=0 l=8, gl= l=8, gl=0 l=8, gl= l!=lock l=lock l=unlock l!=lock & l!=unlock l=lock 3 3
33 Step 4: Winning States l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=4, gl=0 l=5, gl=0 l=4, gl= l=5, gl= l=6, gl= l=unlock, gl= l=4, gl=0 l=4, gl= l=5, gl= l=6, gl= l=unlock, gl= l=7, gl=0 l=7, gl= l=8, gl=0 l=8, gl= 33
34 Step 4: Winning Strategy l=, gl=0 l=, gl= In general: strategy is function of program and monitor state l=, gl=0 l=3, gl=0 l=lock, gl=0 l=4, gl=0 0 l=5, gl=0 l=7, gl=0 0 0 l=, gl= l=3, gl=0 l=lock, gl=0 l=4, gl= l=5, gl= l=6, gl= l=unlock, gl= l=7, gl= l=4, gl=0 l=4, gl= l=5, gl= l=6, gl= l=unlock, gl= Strategy to Repair: if (l=4 & gl=0 & s=) freedom:=0 if (l=4 & gl= & s=) freedom:= if (l=4 & gl=0 & s=0) freedom:= if (l=7 & gl=0 & s=) freedom:=0 if (l=7 & gl= & s=) freedom:=0.. freedom := f(l,gl,s) if (line=4) freedom := (gl=) (s=) if (line=7) freedom := 0 l=8, gl=0 l=8, gl= What we actually do: merge states before picking the strategy 34
35 Step 4: Winning Strategy l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=, gl=0 l=, gl= l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=3, gl=0 l=lock, gl=0 l=4, gl=0 l=5, gl=0 l=4, gl= l=5, gl= l=6, gl= l=unlock, gl= l=4, gl=0 l=4, gl= l=5, gl= l=6, gl= l=unlock, gl= l=4, gl=0 l=4, gl= l=5, gl=0 l=5, gl= 0 0 l=6, gl= l=unlock, gl= l=7, gl=0 l=7, gl= l=7, gl=0 l=7, gl= l=8, gl=0 l=8, gl= l=8, gl=0 l=8, gl= 35
36 Step 4: Winning Strategy (line=4): freedom= (line=7): freedom= 0 l=, gl=0 l=, gl=0 l=3, gl=0 l=lock, gl=0 l=4, gl=0 l=5, gl=0 0 0 l=7, gl=0 l=, gl= l=, gl= l=3, gl=0 l=lock, gl=0 l=4, gl= l=5, gl= l=6, gl= l=unlock, gl= l=7, gl= l=8, gl=0 l=8, gl= 36
37 Repaired Program unsigned int got_lock = 0;... : while(*) {... : if (*) { 3: lock(); 4: got_lock = ;... 5: if (got_lock!= 0){ 6: unlock(); 7: got_lock = 0;... lock() { lock: LOCK:=; unlock(){ unlock: LOCK:=0; Specification P: do not acquire a lock twice P: do not call unlock without holding the lock P: always( line=lock implies next( line!=lock w-until line=unlock )) P: ( line!=unlock w-until line=lock )) and always( line=unlock implies next( line!=unlock w-until line=lock )) (slide adapted with permission from Barbara Jobstmann) 37
38 Recap: How to Repair a Reactive System?. Add freedom choice for the system, space of permitted modifications to the system. Source code transition system (game) non-determinism in the program (demonic) non-determinism in permitted modification (angelic) 3. Specification monitor acceptance 4. Check if we can find system choices s.t. model is accepted by monitor product of trans. system and monitor search for winning strategy in game 38
39 Program Repair Program Finite-state program Game Game TS: program with freedom Solve game Monitor Monitor TS: Winning condition (Simple) Strategy Specification Correct Program with Bloem, Griesmayer, Staber in CAV 005, CHARME 005 (+ext to fault localization)
40 Classical Controller Synthesis FSM + freedom + monitor Initially defined for invariants Game Game TS + winning cond. Solve game (Simple) Strategy Correct Program Ramadge, Wonham 87, Book by Cassandras, Lafortune 99/07
41 Synthesis from Temporal Logics Game Solve game Monitor + interface definition Monitor TS: Winning condition (Simple) Strategy Specification Correct Program Church (96), Büchi/Landweber (969, games), Rabin (97, trees), Pnueli/Rosner (989, LTL)
42 Program Synthesis Program Game FSM + freedom Game TS Solve game Monitor Monitor TS: Winning condition (Simple) Strategy Specification Correct Program Modern Controller Synthesis, see overview papers by Walukiewicz et al., Rutten & Girault,...
43 Issues? Program How to abstract? FSM + freedom Game Game TS Size? Solve game How to solve efficiently? How to construct efficiently? Monitor Monitor TS: Winning condition How expressive? Size? (Simple) Strategy How to pick a strategy? How to specify? Specification Related research areas: How to map PL, AV, Control Theory, back? Game and Automata Theory Correct Program
44 Issues with Monitor for LTL Determinization construction (Safra s) EXP worst case complexity LTL is very succinct How to construct efficiently? Monitor Monitor TS: Winning condition How expressive? Size?
45 Some Solutions Concentrate on subsets (different types of games) Ramadge, Wonham (Proc IEEE 89) Asarin, Maler, Pnueli, Sifakis (SSC 98) Alur, La Torre (LICS'0) Alur, Madhusudan, Nam (BMC'03, STTT'05) Wallmeier, Hütter, Thomas (CIAA'03) Harding, Ryan, Schobbens (TACAS'05) Jobstmann, Bloem (CAV 05) Piterman, Pnueli, Sa'ar (VMCAI'06) (base of our work on synthesizing AMBA) Optimize or avoid determinzation construction Althoff, Thomas, Wallmeier (CIAA'05,TCS'06) Piterman, Henzinger (CSL'06) Kupferman, Vardi (FOCS'05) Kupferman, Piterman, Vardi (CAV'06) Schewe, Finkbeiner (ATVA'07), Filiot, Jin, Raskin (CAV'09) Symbolic representation (e.g., using BDDs) Safety, Reachability Büchi, co-büchi Det. generators for several subsets Safety+ using SAT, QBF, and BDDs Request-Response Work with nondet. automaton Identified syntactic subset Generalized Reactivity- (GR-) Implemented Safra Improved Safra, Good-for-game Bounded Synthesis (using co-büchi)
46 Next More partial programs this time with Sketching 46
47 What is sketching? A program synthesis system generates small fragments of code checks their validity against a specification A programming aid help you write tricky programs cleverness and insight come from you sorry, no programming robots computer helps with low-level reasoning
48 The sketching experience sketch implementation (completed sketch)
49 Sketch language basics Sketches are programs with holes write what you know use holes for the rest semantic issues specifications How does SKETCH know what program you actually want? holes Constrain the set of solutions the synthesizer may consider
50 Specifications Specifications constrain program behavior assertions assert x > y; function equivalence blockedmatmul(mat a, Mat b) implements matmul Is this enough?
51 Holes Holes are placeholders for the synthesizer synthesizer replaces hole with concrete code fragment fragment must come from a set defined by the user
52 Integer hole Define sets of integer constants Example: Hello World of Sketching spec: int foo (int x) { return x + x; sketch: int bar (int x) implements foo { return x *??; Integer Hole
53 Integer Holes Sets of Expressions Example: Find least significant zero bit Trick: int W = 3; bit[w] isolate0 (bit[w] x) { // W: word size bit[w] ret = 0; for (int i = 0; i < W; i++) if (!x[i]) { ret[i] = ; return ret; Adding to a string of ones turns the next zero to a i.e = 00000!(x +??) & (x +??)!(x + ) & (x + 0)!(x + 0) & (x + )!(x + ) & (x + 0xFFFF)!(x + 0xFFFF) & (x + )
54 Integer Holes Sets of Expressions Example: Least Significant Zero Bit int W = 3; bit[w] isolate0 (bit[w] x) { // W: word size bit[w] ret = 0; for (int i = 0; i < W; i++) if (!x[i]) { ret[i] = ; return ret; bit[w] isolatesk (bit[w] x) implements isolate0 { return!(x +??) & (x +??) ;
55 Integer Holes Sets of Expressions Least Significant One Bit int W = 3; bit[w] isolate0 (bit[w] x) { // W: word size bit[w] ret = 0; for (int i = 0; i < W; i++) if (x[i]) { ret[i] = ; return ret; Will the same trick work? try it out
56 Integer Holes Sets of Expressions Expressions with?? == sets of expressions linear expressions x*?? + y*?? polynomials x*x*?? + x*?? +?? sets of variables??? x : y Semantically powerful but syntactically clunky Regular Expressions are a more convenient way of defining sets
57 Regular Expression Generators { RegExp RegExp supports choice and optional? can be used arbitrarily within an expression to select operands { (x y z) + to select operators { x (+ -) y to select fields { n(.prev.next)? to select arguments { foo( x y, z) Set must respect the type system all expressions in the set must type-check all must be of the same type
58 Least Significant One revisited How did I know the solution would take the form!(x +??) & (x +??). What if all you know is that the solution involves x, +, & and!. bit[w] tmp=0; { x tmp = { (!)?((x tmp) (& +) (x tmp??)) ; { x tmp = { (!)?((x tmp) (& +) (x tmp??)) ; return tmp; This is now a set of statements (and a really big one too)
59 Sets of statements Statements with holes = sets of statements Higher level constructs for Statements too repeat bit[w] tmp=0; repeat(3){ { x tmp = { (!)?((x tmp) (& +) (x tmp??)) ; return tmp;
60 repeat Avoid copying and pasting repeat(n){ s s;s; s; each of the n copies may resolve to a distinct stmt n can be a hole too. bit[w] tmp=0; repeat(??){ { x tmp = { (!)?((x tmp) (& +) (x tmp??)) ; return tmp; Keep in mind: the synthesizer won t try to minimize n use --unrollamnt to set the maximum value of n n
61 Example: logcount int pop (bit[w] x) { int count = 0; for (int i = 0; i < W; i++) { if (x[i]) count++; return count;
62 Procedures and Sets of Procedures types of procedures standard procedures represents a single procedure all call sites resolve to the same procedure identified by the keyword static generators represents a set of procedures each call site resolves to a different procedure in the set default in the current implementation
63 Example int rec(int x, int y, int z){ int t =??; if(t == 0){return x; if(t == ){return y; int spec( int x, int y, int z ){ return (x + x) * (y - z); if(t == ){return z; if(t == 3){return rec(x,y,z) * rec(x,y,z); if(t == 4){return rec(x,y,z) + rec(x,y,z); if(t == 5){return rec(x,y,z) - rec(x,y,z); int sketch( int x, int y, int z ) implements spec{ return rec(x,y, z);
64 Step : Turn holes into special inputs The?? Operator is modeled as a special input we call them control inputs bit[w] isolsk(bit[w] x) { return ~(x +??) & (x +??); bit[w] isolsk(bit[w] x, bit[w] c, c) { return ~(x + c) & (x + c); Bounded candidate spaces are important bounded unrolling of repeat is important bounded inlining of generators is important
65 Step : Constraining the set of controls Correct control causes the spec & sketch to match for all inputs causes all assertions to be satisfied for all inputs Constraints are collected into a predicate Q(in, c)
66 int popsketched (bit[w] x) implements pop { loop (??) { x = (x &??) + ((x >>??) &??); return x; x & >> mux x & >> mux x & + & + & >> S(x,c) = x mux + &
67 Ex : Population count. int pop (bit[w] x) { int count = 0; for (int i = 0; i < W; i++) { if (x[i]) count++; return count; x count one count count + mux + mux + Q(in, c) S(x,c)==F(x) F(x) = count count mux mux +
68 A Sketch as a constraint system Synthesis reduces to constraint satisfaction c x.q(x,c) Constraints are too hard for standard techniques Universal quantification over inputs Too many inputs Too many constraints Too many holes
69 Insight Sketches are not arbitrary constraint systems They express the high level structure of a program A small set of inputs can fully constrain the soln focus on corner cases c x in E.Q(x,c) where E = {x, x,, x k This is an inductive synthesis problem! but how do we find the set E? and how do we solve the inductive synthesis problem?
70 Step 3: Counterexample Guided Inductive Synthesis Idea: Couple inductive synthesizer with a verifier Verifier is charged with detecting convergence succeed candidate implementation Inductive Synthesizer Derive candidate implementation from concrete inputs fail buggy Validation Verification as a subproblem ok c x in E.Q(x,c) fail observation set E Standard implementation uses SAT based bounded checker
71 Inductive Synthesis Deriving a candidate from a set of observations c x in E.Q(x,c) where E = {x, x,, x k Encode c as a bit-vector natural encoding given the integer holes Encode Q(x i, c) as boolean constraints on the bit-vector Solve constraints using SAT solver with lots of preprocessing in between
72 Summary 7
Introduction to Sketching
Introduction to Sketching IAP 2008 Armando Solar-Lezama What is sketching? A program synthesis system - generates small fragments of code - checks their validity against a specification A programming aid
More informationCSC410 Program Synthesis AZADEH FARZAN FALL 2017
CSC410 Program Synthesis AZADEH FARZAN FALL 2017 The idea Produce small code fragments that satisfy the given specification As a programming aid: It helps you write programs. The insight is yours, the
More informationBeyond Verification. Software Synthesis
Beynd Verificatin Sftware Synthesis 1 What d we mean by synthesis We want t get cde frm high-level specs - Pythn and VB are pretty high level, why is that nt synthesis? Supprt cmpsitinal and incremental
More informationEXCAPE SEMINAR SEPT 10, Armando Solar-Lezama
SKETCH TUTORIAL EXCAPE SEMINAR SEPT 10, 2012 Armando Solar-Lezama http://bit.ly/sketch2012 What is Sketch A programming language with synthesis capabilities A platform for synthesis research Rapidly try
More informationT Reactive Systems: Kripke Structures and Automata
Tik-79.186 Reactive Systems 1 T-79.186 Reactive Systems: Kripke Structures and Automata Spring 2005, Lecture 3 January 31, 2005 Tik-79.186 Reactive Systems 2 Properties of systems invariants: the system
More informationTimo Latvala. January 28, 2004
Reactive Systems: Kripke Structures and Automata Timo Latvala January 28, 2004 Reactive Systems: Kripke Structures and Automata 3-1 Properties of systems invariants: the system never reaches a bad state
More informationFormal Methods in Software Engineering. Lecture 07
Formal Methods in Software Engineering Lecture 07 What is Temporal Logic? Objective: We describe temporal aspects of formal methods to model and specify concurrent systems and verify their correctness
More informationProperty-based design with HORUS / SYNTHORUS
Property-based design with HORUS / SYNTHORUS Dominique Borrione, Negin Javaheri, Katell Morin-Allory, Yann Oddos, Alexandre Porcher Radboud University, Nijmegen 1 March 27, 2013 Functional specifications
More informationSoftware Model Checking: Theory and Practice
Software Model Checking: Theory and Practice Lecture: Specification Checking - Specification Patterns Copyright 2004, Matt Dwyer, John Hatcliff, and Robby. The syllabus and all lectures for this course
More information4/6/2011. Model Checking. Encoding test specifications. Model Checking. Encoding test specifications. Model Checking CS 4271
Mel Checking LTL Property System Mel Mel Checking CS 4271 Mel Checking OR Abhik Roychoudhury http://www.comp.nus.edu.sg/~abhik Yes No, with Counter-example trace 2 Recap: Mel Checking for mel-based testing
More informationCOMP 763. Eugene Syriani. Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science. McGill University
Eugene Syriani Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science McGill University 1 OVERVIEW In the context In Theory: Timed Automata The language: Definitions and Semantics
More informationCrash Course in Applied PL
Crash Course in Applied PL (with applications to Networks) Software Reliability Lab Department of Computer Science ETH Zurich Overview of Applied PL techniques Static Analysis Program Synthesis ibgp, OSPF,
More informationModel Checking with Automata An Overview
Model Checking with Automata An Overview Vanessa D Carson Control and Dynamical Systems, Caltech Doyle Group Presentation, 05/02/2008 VC 1 Contents Motivation Overview Software Verification Techniques
More informationFrom Boolean to Quantitative Synthesis
From Boolean to Quantitative Synthesis Pavol Černý IST Austria cernyp@ist.ac.at Thomas A. Henzinger IST Austria tah@ist.ac.at ABSTRACT Motivated by improvements in constraint-solving technology and by
More informationXuandong Li. BACH: Path-oriented Reachability Checker of Linear Hybrid Automata
BACH: Path-oriented Reachability Checker of Linear Hybrid Automata Xuandong Li Department of Computer Science and Technology, Nanjing University, P.R.China Outline Preliminary Knowledge Path-oriented Reachability
More informationSciduction: Combining Induction, Deduction and Structure for Verification and Synthesis
Sciduction: Combining Induction, Deduction and Structure for Verification and Synthesis (abridged version of DAC slides) Sanjit A. Seshia Associate Professor EECS Department UC Berkeley Design Automation
More informationIntroduction to Linear-Time Temporal Logic. CSE 814 Introduction to LTL
Introduction to Linear-Time Temporal Logic CSE 814 Introduction to LTL 1 Outline Motivation for TL in general Types of properties to be expressed in TL Structures on which LTL formulas are evaluated Syntax
More informationSynthesizing Finite-state Protocols from Scenarios and Requirements
Synthesizing Finite-state Protocols from Scenarios and Requirements Rajeev Alur 1, Milo Martin 1, Mukund Raghothaman 1, Christos Stergiou 1,2, Stavros Tripakis 2,3, and Abhishek Udupa 1 1 University of
More informationReactive Synthesis using Sketching
Reactive Synthesis using Sketching Garvit Juniwal UC Berkeley Email: garvitjuniwal@eecs.berkeley.edu Abstract We first formalize the idea of using sketching(completing partial programs using specifications)
More informationCS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan
CS 267: Automated Verification Lecture 13: Bounded Model Checking Instructor: Tevfik Bultan Remember Symbolic Model Checking Represent sets of states and the transition relation as Boolean logic formulas
More informationSoftware Model Checking with Abstraction Refinement
Software Model Checking with Abstraction Refinement Computer Science and Artificial Intelligence Laboratory MIT Armando Solar-Lezama With slides from Thomas Henzinger, Ranjit Jhala and Rupak Majumdar.
More informationPROGRAM ANALYSIS & SYNTHESIS
Lecture 02 Structural Operational Semantics (SOS) PROGRAM ANALYSIS & SYNTHESIS EranYahav 1 Previously static analysis over-approximation of program behavior abstract interpretation abstraction, transformers,
More informationTutorial on Model Checking Modelling and Verification in Computer Science
Tutorial on Model Checking Modelling and Verification in Computer Science Armin Biere Institute for Formal Models and Verification Johannes Kepler University, Linz, Austria Abstract. This paper serves
More informationLeveraging DTrace for runtime verification
Leveraging DTrace for runtime verification Carl Martin Rosenberg June 7th, 2016 Department of Informatics, University of Oslo Context: Runtime verification Desired properties System Every request gets
More informationVerifying Liveness Properties of ML Programs
Verifying Liveness Properties of ML Programs M M Lester R P Neatherway C-H L Ong S J Ramsay Department of Computer Science, University of Oxford ACM SIGPLAN Workshop on ML, 2011 09 18 Gokigeny all! Motivation
More informationCSE507. Practical Applications of SAT. Computer-Aided Reasoning for Software. Emina Torlak
Computer-Aided Reasoning for Software CSE507 Practical Applications of SAT courses.cs.washington.edu/courses/cse507/18sp/ Emina Torlak emina@cs.washington.edu Today Past 2 lectures The theory and mechanics
More informationDouble Header. Two Lectures. Flying Boxes. Some Key Players: Model Checking Software Model Checking SLAM and BLAST
Model Checking #1 Double Header Two Lectures Model Checking Software Model Checking SLAM and BLAST Flying Boxes It is traditional to describe this stuff (especially SLAM and BLAST) with high-gloss animation
More informationModel checking Timber program. Paweł Pietrzak
Model checking Timber program Paweł Pietrzak 1 Outline Background on model checking (spam?) The SPIN model checker An exercise in SPIN - model checking Timber Deriving finite models from Timber programs
More informationPARTY Parameterized Synthesis of Token Rings
PARTY Parameterized Synthesis of Token Rings Ayrat Khalimov, Swen Jacobs, and Roderick Bloem Graz University of Technology, Austria Abstract. Synthesis is the process of automatically constructing an implementation
More informationLecture 2: Symbolic Model Checking With SAT
Lecture 2: Symbolic Model Checking With SAT Edmund M. Clarke, Jr. School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 (Joint work over several years with: A. Biere, A. Cimatti, Y.
More informationPARTY Parameterized Synthesis of Token Rings
PARTY Parameterized Synthesis of Token Rings Ayrat Khalimov, Swen Jacobs, and Roderick Bloem Graz University of Technology, Austria Abstract. Synthesis is the process of automatically constructing an implementation
More informationAutomated Formal Methods for Embedded Systems
Automated Formal Methods for Embedded Systems Bernd Finkbeiner Universität des Saarlandes Reactive Systems Group 2011/02/03 Bernd Finkbeiner (UdS) Embedded Systems 2011/02/03 1 / 48 Automated Formal Methods
More informationModel-Checking Concurrent Systems. The Model Checker Spin. The Model Checker Spin. Wolfgang Schreiner
Model-Checking Concurrent Systems Wolfgang Schreiner Wolfgang.Schreiner@risc.jku.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.jku.at 1.
More informationThe Spin Model Checker : Part I/II
The Spin Model Checker : Part I/II Moonzoo Kim CS Dept. KAIST Korea Advanced Institute of Science and Technology Motivation: Tragic Accidents Caused by SW Bugs 2 Cost of Software Errors June 2002 Software
More informationSystem Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements
System Correctness EEC 421/521: Software Engineering A Whirlwind Intro to Software Model Checking A system is correct when it meets its requirements a design without requirements cannot be right or wrong,
More informationVerifying C & C++ with ESBMC
Verifying C & C++ with ESBMC Denis A Nicole dan@ecs.soton.ac.uk CyberSecuritySoton.org [w] @CybSecSoton [fb & tw] ESBMC ESBMC, the Efficient SMT-Based Context-Bounded Model Checker was originally developed
More informationFinite State Verification. CSCE Lecture 14-02/25/2016
Finite State Verification CSCE 747 - Lecture 14-02/25/2016 So, You Want to Perform Verification... You have a property that you want your program to obey. Great! Let s write some tests! Does testing guarantee
More informationFormal Methods for Software Development
Formal Methods for Software Development Model Checking with Temporal Logic Wolfgang Ahrendt 21st September 2018 FMSD: Model Checking with Temporal Logic /GU 180921 1 / 37 Model Checking Check whether a
More informationModel Checking Revision: Model Checking for Infinite Systems Revision: Traffic Light Controller (TLC) Revision: 1.12
Model Checking mc Revision:.2 Model Checking for Infinite Systems mc 2 Revision:.2 check algorithmically temporal / sequential properties fixpoint algorithms with symbolic representations: systems are
More informationFinite State Verification. CSCE Lecture 21-03/28/2017
Finite State Verification CSCE 747 - Lecture 21-03/28/2017 So, You Want to Perform Verification... You have a property that you want your program to obey. Great! Let s write some tests! Does testing guarantee
More informationComputer Lab 1: Model Checking and Logic Synthesis using Spin (lab)
Computer Lab 1: Model Checking and Logic Synthesis using Spin (lab) Richard M. Murray Nok Wongpiromsarn Ufuk Topcu Calornia Institute of Technology AFRL, 25 April 2012 Outline Spin model checker: modeling
More informationVerifying Temporal Properties via Dynamic Program Execution. Zhenhua Duan Xidian University, China
Verifying Temporal Properties via Dynamic Program Execution Zhenhua Duan Xidian University, China Main Points Background & Motivation MSVL and Compiler PPTL Unified Program Verification Tool Demo Conclusion
More informationImplementation of Lexical Analysis. Lecture 4
Implementation of Lexical Analysis Lecture 4 1 Tips on Building Large Systems KISS (Keep It Simple, Stupid!) Don t optimize prematurely Design systems that can be tested It is easier to modify a working
More informationSafra's Büchi determinization algorithm
Safra's Büchi determinization algorithm Aditya Oak Seminar on Automata Theory 28 Jan 2016 Introduction Proposed by S. Safra in 1988 For determinization of non-deterministic Büchi automaton Gives equivalent
More informationTool demonstration: Spin
Tool demonstration: Spin 1 Spin Spin is a model checker which implements the LTL model-checking procedure described previously (and much more besides). Developed by Gerard Holzmann of Bell Labs Has won
More informationCourse Overview CS294: Program Synthesis for Everyone
Course Overview CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California, Berkeley The name of the course this CS294 topics course has been listed
More informationNuSMV 2.2 Tutorial. Roberto Cavada, Alessandro Cimatti, Gavin Keighren, Emanuele Olivetti, Marco Pistore and Marco Roveri
NuSMV 2.2 Tutorial Roberto Cavada, Alessandro Cimatti, Gavin Keighren, Emanuele Olivetti, Marco Pistore and Marco Roveri IRST - Via Sommarive 18, 38055 Povo (Trento) Italy Email: nusmv@irst.itc.it Contents
More informationT Parallel and Distributed Systems (4 ECTS)
T 79.4301 Parallel and Distriuted Systems (4 ECTS) T 79.4301 Rinnakkaiset ja hajautetut järjestelmät (4 op) Lecture 4 11th of Feruary 2008 Keijo Heljanko Keijo.Heljanko@tkk.fi T 79.4301 Parallel and Distriuted
More informationThe 4th Reactive Synthesis Competition - SYNTCOMP 2017
The 4th Reactive Synthesis Competition - SYNTCOMP 2017 Swen Jacobs Saarland University Roderick Bloem TU Graz 22 July 2017 SYNT Workshop, Heidelberg SYNTCOMP: Goals Make reactive synthesis tools comparable:
More informationAction Language Verifier, Extended
Action Language Verifier, Extended Tuba Yavuz-Kahveci 1, Constantinos Bartzis 2, and Tevfik Bultan 3 1 University of Florida 2 Carnegie Mellon University 3 UC, Santa Barbara 1 Introduction Action Language
More informationALASKA Antichains for Logic, Automata and Symbolic Kripke structures Analysis
ALASKA Antichains for Logic, Automata and Symbolic Kripke structures Analysis M. De Wulf 1, L. Doyen 2, N. Maquet 1 and J.-F. Raskin 1 1 Université Libre de Bruxelles (ULB), Belgium 2 École Polytechnique
More informationLecture 9: Reachability
Lecture 9: Reachability Outline of Lecture Reachability General Transition Systems Algorithms for Reachability Safety through Reachability Backward Reachability Algorithm Given hybrid automaton H : set
More informationThe SPIN Model Checker
The SPIN Model Checker Metodi di Verifica del Software Andrea Corradini Lezione 1 2013 Slides liberamente adattate da Logic Model Checking, per gentile concessione di Gerard J. Holzmann http://spinroot.com/spin/doc/course/
More informationInferring Synchronization under Limited Observability
Inferring Synchronization under Limited Observability Martin Vechev, Eran Yahav, and Greta Yorsh IBM T.J. Watson Research Center Abstract. This paper addresses the problem of automatically inferring synchronization
More informationTrading Memory for Randomness
Trading Memory for Randomness Krishnendu Chatterjee Luca de Alfaro Thomas A. Henzinger EECS, University of California, Berkeley,USA CE, University of California, Santa Cruz,USA Computer and Communication
More informationDeductive Methods, Bounded Model Checking
Deductive Methods, Bounded Model Checking http://d3s.mff.cuni.cz Pavel Parízek CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Deductive methods Pavel Parízek Deductive Methods, Bounded
More informationProgramming with Constraint Solvers CS294: Program Synthesis for Everyone
Programming with Constraint Solvers CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California, Berkeley Today Today: we describe four programming
More informationINF672 Protocol Safety and Verification. Karthik Bhargavan Xavier Rival Thomas Clausen
INF672 Protocol Safety and Verication Karthik Bhargavan Xavier Rival Thomas Clausen 1 Course Outline Lecture 1 [Today, Sep 15] Introduction, Motivating Examples Lectures 2-4 [Sep 22,29, Oct 6] Network
More informationProving the Correctness of Distributed Algorithms using TLA
Proving the Correctness of Distributed Algorithms using TLA Khushboo Kanjani, khush@cs.tamu.edu, Texas A & M University 11 May 2007 Abstract This work is a summary of the Temporal Logic of Actions(TLA)
More informationAutomatic Hardware Synthesis from Specifications: A Case Study
Automatic Hardware Synthesis from Specifications: A Case Study Roderick Bloem 1 Stefan Galler 1 Barbara Jobstmann 1 Nir Piterman 2 Amir Pnueli 3 Martin Weiglhofer 1 1 Graz University of Technology 2 EPFL
More informationModel-Checking Concurrent Systems
Model-Checking Concurrent Systems Wolfgang Schreiner Wolfgang.Schreiner@risc.jku.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.jku.at Wolfgang
More informationThe Sketching Approach to Program Synthesis
The Sketching Approach to Program Synthesis Armando Solar-Lezama Massachusetts Institute of Technology Abstract. Sketching is a new form of localized software synthesis that aims to bridge the gap between
More informationFault Detection of Reachability Testing with Game Theoretic Approach
Fault Detection of Reachability Testing with Game Theoretic Approach S. Preetha Dr.M. Punithavalli Research Scholar, Karpagam University, Coimbatore. Director, Sri Ramakrishna Engineering College, Coimbatore.
More informationNo model may be available. Software Abstractions. Recap on Model Checking. Model Checking for SW Verif. More on the big picture. Abst -> MC -> Refine
No model may be available Programmer Software Abstractions Tests Coverage Code Abhik Roychoudhury CS 5219 National University of Singapore Testing Debug Today s lecture Abstract model (Boolean pgm.) Desirable
More informationAnalysis of Boolean Programs TACAS 2013
Analysis of Boolean Programs Patrice Godefroid Microsoft Research Mihalis Yannakakis Columbia University Page 1 March 2013 What is a Boolean Program? All variables have Boolean type, recursive procedures
More informationwant turn==me wait req2==0
Uppaal2k: Small Tutorial Λ 16 October 2002 1 Introduction This document is intended to be used by new comers to Uppaal and verification. Students or engineers with little background in formal methods should
More informationOn the Language Inclusion Problem for Timed Automata: Closing a Decidability Gap
SVC On the Language Inclusion Problem for Timed Automata 1 On the Language Inclusion Problem for Timed Automata: Closing a Decidability Gap Joël Ouaknine Computer Science Department, Carnegie Mellon University
More informationMore on Verification and Model Checking
More on Verification and Model Checking Wednesday Oct 07, 2015 Philipp Rümmer Uppsala University Philipp.Ruemmer@it.uu.se 1/60 Course fair! 2/60 Exam st October 21, 8:00 13:00 If you want to participate,
More informationModel checking pushdown systems
Model checking pushdown systems R. Ramanujam Institute of Mathematical Sciences, Chennai jam@imsc.res.in Update Meeting, IIT-Guwahati, 4 July 2006 p. 1 Sources of unboundedness Data manipulation: integers,
More informationCS 510/13. Predicate Abstraction
CS 50/3 Predicate Abstraction Predicate Abstraction Extract a finite state model from an infinite state system Used to prove assertions or safety properties Successfully applied for verification of C programs
More informationProving Dekker with SPIN and PROMELA
15-410...fairness disabled... Proving Dekker with SPIN and PROMELA Joshua Wise With help from Greg Hartman L36_SPIN 1 Synchronization Project 4 due Wednesday Everyone having fun? Kernel interviews If you
More informationLexical Analysis. Lecture 2-4
Lexical Analysis Lecture 2-4 Notes by G. Necula, with additions by P. Hilfinger Prof. Hilfinger CS 164 Lecture 2 1 Administrivia Moving to 60 Evans on Wednesday HW1 available Pyth manual available on line.
More informationCounterexample Guided Abstraction Refinement in Blast
Counterexample Guided Abstraction Refinement in Blast Reading: Checking Memory Safety with Blast 17-654/17-754 Analysis of Software Artifacts Jonathan Aldrich 1 How would you analyze this? * means something
More informationModel Checking. Automatic Verification Model Checking. Process A Process B. when not possible (not AI).
Sérgio Campos scampos@dcc.ufmg.br Why? Imagine the implementation of a complex hardware or software system: A 100K gate ASIC perhaps 100 concurrent modules; A flight control system dozens of concurrent
More informationAutomated Reasoning. Model Checking with SPIN (II)
Automated Reasoning Model Checking with SPIN (II) Alan Bundy page 1 Verifying Global Properties Assertions can be used to verify a property locally For example, place assert(memreturned) at the end of
More informationF-Soft: Software Verification Platform
F-Soft: Software Verification Platform F. Ivančić, Z. Yang, M.K. Ganai, A. Gupta, I. Shlyakhter, and P. Ashar NEC Laboratories America, 4 Independence Way, Suite 200, Princeton, NJ 08540 fsoft@nec-labs.com
More informationFormalizing Timing Diagram Requirements:
in Discrete Duration Calculus Rajmohan Mattaplacket 1, Paritosh 1, Amol Wakankar 2 Tata Institute of Fundamental Research, Mumbai Bhabha Atomic Research Center, Mumbai November 25, 2017 Formal Requirement
More informationDistributed Systems Programming (F21DS1) Formal Verification
Distributed Systems Programming (F21DS1) Formal Verification Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Overview Focus on
More informationMIT Specifying Languages with Regular Expressions and Context-Free Grammars. Martin Rinard Massachusetts Institute of Technology
MIT 6.035 Specifying Languages with Regular essions and Context-Free Grammars Martin Rinard Massachusetts Institute of Technology Language Definition Problem How to precisely define language Layered structure
More informationProgram Synthesis for Forth Forth Day 2012
Program Synthesis for Forth Forth Day 2012 Computer Science UC Berkeley Ras Bodik Mangpo Phitchaya Phothilimthana Tikhon Jelvis Rohin Shah Synthesis with sketches Extend your language with two constructs
More informationTemporal Refinement Using SMT and Model Checking with an Application to Physical-Layer Protocols
Temporal Refinement Using SMT and Model Checking with an Application to Physical-Layer Protocols Lee Pike (Presenting), Galois, Inc. leepike@galois.com Geoffrey M. Brown, Indiana University geobrown@cs.indiana.edu
More informationIntroduction. Preliminaries. Original IC3. Tree-IC3. IC3 on Control Flow Automata. Conclusion
.. Introduction Preliminaries Original IC3 Tree-IC3 IC3 on Control Flow Automata Conclusion 2 of 22 Lifting IC3 to Control Flow Automata Tim Lange tim.lange@cs.rwth-aachen.de Introduction Preliminaries
More informationAutomatic synthesis of switching controllers for linear hybrid systems: Reachability control
Automatic synthesis of switching controllers for linear hybrid systems: Reachability control Massimo Benerecetti and Marco Faella Università di Napoli Federico II, Italy Abstract. We consider the problem
More informationImplementation of Lexical Analysis
Implementation of Lexical Analysis Outline Specifying lexical structure using regular expressions Finite automata Deterministic Finite Automata (DFAs) Non-deterministic Finite Automata (NFAs) Implementation
More informationLexical Analysis. Chapter 2
Lexical Analysis Chapter 2 1 Outline Informal sketch of lexical analysis Identifies tokens in input string Issues in lexical analysis Lookahead Ambiguities Specifying lexers Regular expressions Examples
More informationPROVING THINGS ABOUT PROGRAMS
PROVING THINGS ABOUT CONCURRENT PROGRAMS Lecture 23 CS2110 Fall 2010 Overview 2 Last time we looked at techniques for proving things about recursive algorithms We saw that in general, recursion matches
More informationAutomatic Synthesis of a Voting Machine Design
Automatic Synthesis of a Voting Machine Design Lili Dworkin Haverford College Sanjit Seshia University of California, Berkeley Wenchao Li University of California, Berkeley Haverford College Computer Science
More informationImplementation of Lexical Analysis
Implementation of Lexical Analysis Outline Specifying lexical structure using regular expressions Finite automata Deterministic Finite Automata (DFAs) Non-deterministic Finite Automata (NFAs) Implementation
More informationIntroduction to Lexical Analysis
Introduction to Lexical Analysis Outline Informal sketch of lexical analysis Identifies tokens in input string Issues in lexical analysis Lookahead Ambiguities Specifying lexical analyzers (lexers) Regular
More informationProving liveness. Alexey Gotsman IMDEA Software Institute
Proving liveness Alexey Gotsman IMDEA Software Institute Safety properties Ensure bad things don t happen: - the program will not commit a memory safety fault - it will not release a lock it does not hold
More informationAutomatic Software Verification
Automatic Software Verification Instructor: Mooly Sagiv TA: Oded Padon Slides from Eran Yahav and the Noun Project, Wikipedia Course Requirements Summarize one lecture 10% one lecture notes 45% homework
More informationTemporal logic-based decision making and control. Jana Tumova Robotics, Perception, and Learning Department (RPL)
Temporal logic-based decision making and control Jana Tumova Robotics, Perception, and Learning Department (RPL) DARPA Urban Challenge 2007 2 Formal verification Does a system meet requirements? System
More informationAbstractions and small languages in synthesis CS294: Program Synthesis for Everyone
Abstractions and small languages in synthesis CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California, Berkeley Today Today: we describe why high-level
More informationBehavior models and verification Lecture 6
Behavior models and verification Lecture 6 http://d3s.mff.cuni.cz Jan Kofroň, František Plášil Model checking For a Kripke structure M = (S, I, R, L) over AP and a (state based) temporal logic formula
More informationSyntactic Optimizations for PSL Verification
Syntactic Optimizations for PSL Verification Alessandro Cimatti, Marco Roveri, and Stefano Tonetta 2 ITC-irst Trento, Italy {cimatti,roveri}@itc.it 2 University of Lugano, Lugano, Switzerland tonettas@lu.unisi.ch
More informationAN ABSTRACTION TECHNIQUE FOR REAL-TIME VERIFICATION
AN ABSTRACTION TECHNIQUE FOR REAL-TIME VERIFICATION Edmund M. Clarke, Flavio Lerda, Muralidhar Talupur Computer Science Department Carnegie Mellon University Pittsburgh, PA 15213 {flerda,tmurali,emc}@cs.cmu.edu
More informationA Deterministic Concurrent Language for Embedded Systems
A Deterministic Concurrent Language for Embedded Systems Stephen A. Edwards Columbia University Joint work with Olivier Tardieu SHIM:A Deterministic Concurrent Language for Embedded Systems p. 1/38 Definition
More informationReducing Fair Stuttering Refinement of Transaction Systems
Reducing Fair Stuttering Refinement of Transaction Systems Rob Sumners Advanced Micro Devices robert.sumners@amd.com November 16th, 2015 Rob Sumners (AMD) Transaction Progress Checking November 16th, 2015
More informationOverview of Timed Automata and UPPAAL
Overview of Timed Automata and UPPAAL Table of Contents Timed Automata Introduction Example The Query Language UPPAAL Introduction Example Editor Simulator Verifier Conclusions 2 Introduction to Timed
More informationStatic Program Analysis
Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ws-1617/spa/ Schedule of Lectures Jan 17/19: Interprocedural DFA
More information